Solved: trying to parse out a timestamp

ytl · ‎11-12-2013

i have a log that looks something like this:

terminate_type=VOICE timestamp=11/05 14:43 trunk=A044003

the format is "month/date hour/minute". under the data preview advanced pane to parse the file, i use

# your settings
NO_BINARY_CHECK=1
SHOULD_LINEMERGE=false
TIME_FORMAT=%m/%d
TIME_PREFIX=timestamp\=
TZ=America/Los_Angeles

and it picks up the month and date fine (11/5/13). however, when i edit the format to try and pick up the time with something like:

TIME_FORMAT=%m/%d %h:%M

it screws up and thinks that the date is now:

5/14/11 2:43:00.000 PM

ie the date, month and year are all screwed up.

any suggestions welcome!

ShaneNewman · ‎11-12-2013

TIME_FORMAT=%m/%d %H:%M

Use %H when it is a 24 hour clock, %h is for a 12 hour clock.

jtrucks · ‎11-12-2013

Try:

TIME_FORMAT = %m/%d %H:%M

You were using 12hr hour setting, but your log data is in 24hr notation.

--
Jesse Trucks
Minister of Magic

ShaneNewman · ‎11-12-2013

TIME_FORMAT=%m/%d %H:%M

Use %H when it is a 24 hour clock, %h is for a 12 hour clock.

ShaneNewman · ‎11-12-2013

Awesome, glad I could help!

ytl · ‎11-12-2013

duh! thanks! that worked a treat.

trying to parse out a timestamp